[strongSwan] Host to Network IPSec PSK Vpn tunnel

Muhammad Yousuf Khan sirtcp at gmail.com
Thu Mar 16 19:37:25 CET 2017


Thanks you for your input  Noel. it is really appreciated.
So you mean i delete leftsubnet parameter thats is sufficient and tunnel
will work.

Thanks,
Yousuf

On Thu, Mar 16, 2017 at 10:36 PM, Noel Kuntze <noel at familie-kuntze.de>
wrote:

> On 16.03.2017 07:29, Muhammad Yousuf Khan wrote:
> >
> > There is a requriment from our client that we need a ipsec tunnel for
> communication.
> > as per our experience with Openvpn we can do that very easily however
> IPsec works very differently therefore i need your assistence.
>
> Policy based IPsec (which is used by default with strongswan) doesn't
> require special network devices.
> Traffic is protected transparently on the physical interface. There's no
> problem with routing.
>
> > now here is the confusion part leftsubnet is technically called
> encryption domain in Cisco.
> > so how come my public IP of a cloud VM can be in both role as remote
> peer and encryption domain? this is very confusing part.
>
> IKE packets are excepted from IPsec processing. Anything else is subject
> to it. It works without adding special routes
> to the routing table(s).
>
>
> --
>
> Mit freundlichen Grüßen/Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170316/d9e0931f/attachment.html>


More information about the Users mailing list